View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

FDIC ISSUES POLICY STATEMENT URGING
BANKS TO OBTAIN ANNUAL INDEPENDENT EXTERNAL AUDIT
The Board of Directors of the Federal Deposit Insurance Corporation
adopted

a

new

policy

statement that strongly encourages all state nonmember

banks to adopt an annual independent
policy

today

external

auditing

program.

The

final

statement, proposed by the agency on April 13, 1988, also suggests that

all state nonmember banks establish an audit

committee

composed

entirely

of

outside directors.
In issuing the policy statement, the FDIC
auditing

that

a

problems

in

lessens

the

a bank will go undetected.

risk

internal

that

potentially

The FDIC Board stated:

large number of financial institutions experiencing financial
a

strong

function, combined with an annual external auditing program performed

by an independent auditor, substantially
serious

noted

"The

difficulties

as

result of fraud, insider abuse and mismanagement in recent years has made an

external auditing program even more important."
Under the new policy statement, the FDIC:
o

recommends that annual external
either

independent

auditing

programs

be

performed

by

public accountants or other qualified independent

parties;
o

notes
an

that

annual

generally

although

an external audit is not mandatory, a bank with

independent
be

considered

audit

of

its

to

have

a

financial

statements

would

satisfactory external auditing

program;
(more)

FEDERAL DEPOSIT INSURANCE CORPORATION, 550 Seventeenth St., N.W., Washington, D.C. 20429 • 202-898-6996




-

o

suggests

that

2

-

banks send copies of external auditors’ reports to the

appropriate FDIC regional office as soon as possible after receipt
the report;
o

and

reiterates its expectation
outside

of

audit

for

at

for

least

newly
the

insured

first

banks

three

to

obtain

an

years after deposit

insurance is granted.
Additionally,

if

a

bank’s

audit committee or board of directors decides

pot to have an independent public accountant perform an
bank’s

financial

statements,

the

pension to use one of the acceptable

reasons

for

the

alternatives

or

annual

audit

committee’s
to

have

no

of

the

or board’s
external

auditing program should be documented in its minutes.
i p In response to comments, the FDIC’s new policy statement
¡appendix

now

containing definitions of terms used in the statement.

pf the new policy statement is attached.

Attachment

pistri but ion : Insured Nonmember Banks (Commercial and Mutual)




includes

an

The full text

Statement of Policy Regarding
Independent External Auditing Programs of State Nonmember Banks

1. In view of its interest in the financial soundness of banks and the
banking system, the FDIC believes that a strong internal auditing function
combined with a well-planned external auditing program^ substantially
lessens the risk that a bank will not detect potentially serious problems. An
external auditing program is a set of procedures designed to test and evaluate
high risk areas of a bank's business which are performed by an independent;
auditor who may or may not be a public accountant. The failure to detect and
correct potentially serious problems increases the risk a bank poses to the
FDIC1s insurance fund. A strong internal auditing function establishes the
proper control environment and promotes accuracy and efficiency in a bank s
operations. An external auditing program complements this function by
providing an objective outside view of the bank's operations.
2. Regardless of the strength of a bank's internal auditing procedures, the
FDIC believes that an external auditing program should be considered by a
bank's board of directors as part of the cost of operating a bank in a safe
and sound manner. An external auditing program assists the bank's board of
directors in safeguarding assets and identifying risks inherent in its
operation. In addition, an external auditing program may tend to assist
directors in the event of litigation on whether an institution's board has
exercised reasonable care in protecting the assets of the bank. Thus, the
FDIC urges all state nonmember banks to establish and maintain a sound
external auditing program.
3. The FDIC strongly encourages the board of directors of each state
nonmember bank to establish an audit committee consisting, if possible,
entirely of outside directors. The audit committee or board of directors of^
each state nonmember bank generally should analyze the extent of the external
auditing coverage needed by the bank annually. They should determine whether
the bank's needs will best be met by an audit of its financial statements or
by an acceptable alternative (described in paragraphs 8 and 9 below). When
selecting the scope of the planned external auditing program for the year, the
committee or board should ensure that the program will provide sufficient
substantive external coverage of the bank's risk areas and any other areas of
potential concern, such as compliance with applicable laws and regulations.

JV Terms defined in Appendix A are underlined the first time they appear in
this statement of policy.




-

1-

If not, additional external auditing procedures conducted by an independent
auditor may be appropriate for a specific year or several years to cover
particularly high risk areas of the bank. The decisions resulting from these
deliberations should be recorded in the committee's or board's minutes.
4. If the audit committee or board of directors of a bank, after due
consideration, determines not to engage an Independent public accountant to
conduct an annual audit of the bank's financial statements (or whose parent
holding company's consolidated financial statements are not audited), the
reasons for the committee's or board's conclusion to use one of the acceptable
alternatives or to have no external auditing program should be documented in
its minutes. In the evaluation, the committee or board generally should
consider not only the cost of an annual audit of the bank's financial
statements, but also the potential benefits.
5. A review of both a bank's Internal and external auditing programs has been
and will continue to be a part of the FDIC's examination procedures. FDIC
examiners will review the nature of each bank's external auditing program in
conjunction with the risk areas perceived in that particular bank's business
and operations, and they will exercise their judgment and discretion in
evaluating the adequacy of a bank's external auditing program. Examiners will
not automatically comment negatively to the board of directors of a bank with
an otherwise satisfactory external auditing program merely because it does not
engage an independent public accountant to perform an audit of its financial
statements.
Audit bv an Independent Public Accountant
6. The FDIC strongly encourages each state nonmember bank to adopt an
external auditing program that includes an annual audit of its financial
statements by an independent public accountant. A bank that does so would
generally be considered to have a satisfactory external auditing program. An
external audit of a bank's financial statements benefits management by
assisting in the establishment of the accounting and operating policies,
internal controls, internal auditing programs, and management information
systems necessary to ensure the fair presentation of these statements. An
audit also assists boards of directors in fulfilling their fiduciary
responsibilities and provides them greater assurance that financial reports
are accurate and provide adequate disclosure.
7. An audit of a bank's financial statements performed by the independent
public accountant as of a quarter-end date when the Reports of Condition and
Income are prepared is preferable and would permit the bank to use the audited
financial statements in the preparation and/or subsequent review of those
reports. A bank may also find it more cost effective to be audited during
accounting firms' less busy periods. The independent public accountant chosen
should be experienced in auditing banks and knowledgeable about banking
regulations in order to provide the bank with the most effective service.




Alternatives to an Audit bv a Public Accountant
8. The FDIC recognizes that a bank's audit committee or board of directors
may determine that the external auditing program that will best meet its
individual needs for that particular year will be other than an audit of its
financial statements by an independent public accountant. The committee or
board, after a full review of alternative and/or supplemental approaches for
an adequate Independent external auditing program, may decide on a
well-planned directors' examination, an independent analysis of internal
controls or other areas, a report on the balance sheet, or specified auditing
procedures by an independent auditor. If the bank has an outside auditing
firm that is simply obtaining confirmations of deposits and loans, for
example, the committee or board should normally expand the scope of the
auditing work performed to include additional procedures to test the bank's
high risk areas.
9. Nonaccounting firms with bank auditing experience and expertise that are
independent of the bank are available in some geographic locations. They may
provide acceptable directors' examinations, analyses, or specified auditing
work at a reasonable cost. In some instances, these firms' services include
nonauditing work which enables them to provide suggestions on compliance
issues and operational efficiencies. Depending upon the expertise of the firm
and the scope of the engagement, these nonaccounting firms may be an
appropriate choice for an external auditing program.
Newly Insured Banks
10. The FDIC believes that an adequate external auditing program performed by
an independent auditor should be an integral part of the safe and sound
management of a bank. Thus, applicants for deposit insurance coverage after
the effective date of this statement of policy will generally be expected to
commit their bank to obtain an audit of their financial statements by an
independent public accountant annually for at least the first three years
after deposit insurance coverage is g r a n t e d . T h e FDIC may determine on a
case-by-case basis that an independent audit of financial statements is
unnecessary where an applicant can demonstrate that the benefits derived from

Operating non-FDIC insured institutions should also note that the FDIC
expects, unless waived in writing by the FDIC, any applicant for insurance
with more than $50 million in assets to have an audit of its financial
statements prior to submitting an application, and requests that a copy of the
auditor's report be Included as part of the application. The FDIC may require
such an audit, on a case-by-case basis, for applicants with assets of $50
million or less. Refer to the June 9, 1987 Statement of Policy Regarding
Applications for Federal Deposit Insurance by Operating Non-FDIC Insured
Institutions, as amended June 24, 1987.




such an external audit will be substantially provided by other outside
sources, or where the applicant is owned by another company and will undergo
an audit performed by an Independent public accounting firm as part of an
audit of the consolidated financial statements of its parent company.
Notification and Submission of Reports
11. Whether currently or newly Insured, the FDIC requests each state
nonmember bank that undergoes any external auditing work, regardless of the
scope of the work, to furnish a copy of any reports by the public accountant
or other external auditor, including any management letters, to the
appropriate FDIC regional office as soon as possible after their receipt by
the bank.
12. In addition, the FDIC requests each bank to promptly notify the
appropriate FDIC regional office when any public accountant or other external
auditor is Initially engaged to perform external auditing procedures and when
a change in its accountant or auditor occurs.
Holding Company Subsidiaries
13. When the audit committee or board of directors of any state nonmember
bank owned by another company (such as a bank holding company) considers its
external auditing program, it may find it appropriate to express the scope of
its program in terms of the bank's relationship to the consolidated group. No
section of this statement of policy is Intended to imply that any state
nonmember bank owned by another company is expected to obtain a separate audit
of the financial statements of the individual bank. Where the state nonmember
bank is directly or indirectly included In the audit of the consolidated
financial statements of its parent company performed by an Independent public
accounting firm, the state nonmember bank may send one copy of the comparable
reports by the public accountant or notification of the change in accountants
for the consolidated company to the appropriate regional director. If several
banks supervised by the same FDIC regional office are owned by one parent
company, a single copy of each report applicable to the consolidated company
may be submitted to the regional office on behalf of all of the affiliated
banks.
Troubled Banks
14. An annual independent external auditing program complements both the
FDIC's supervisory process and bank internal auditing programs by further
identifying or clarifying Issues of potential concern or exposure. It can
also greatly aid management in taking corrective action, particularly when
weaknesses are detected 1n internal control or management Information
systems. For these reasons, an annual audit of bank financial statements
performed by an independent public accounting firm or, If more appropriate,
specified auditing procedures will be a condition of future enforcement
actions, when deemed necessary, or if it appears that any of the following
conditions may exist:
(a)




internal controls and internal auditing procedures are
inadequate;

-4-

(b)
(c)
(d)
(e)
(f)
(f)
(g)

the directorate is generally uninformed 1n the area of
Internal controls;
there 1s evidence of Insider abuse;
there are known or suspected defalcations;
there Is known or suspected criminal activity;
1t 1s probable that director liability for losses exists;
direct verification Is warranted; and/or
questionable transactions with affiliates have occurred.

15. Such an enforcement action may also require that (a) the bank provide to
the appropriate FDIC regional office a copy of the auditor's report and any
management letter received from the auditor promptly after the completion of
any auditing work and that (b) the bank notify the regional office In advance
of the time and date of any meeting between management and the auditor at
which any auditing findings are to be presented so that a representative of
the FDIC may be present 1f the FDIC so chooses.
By order of the Board of Directors.
day Of
November _______ , 1988.

Dated at Washington, D.C. this — 16th

FEDERAL DEPOSIT INSURANCE CORPORATION

Executive Secretary
(SEAL)




-

5-

APPENDIX A
DEFINITIONS
Audit. An examination of the financial statements, accounting records, and
other supporting evidence of a bank performed by an independent certified or
licensed public accountant in accordance with generally accepted auditing
standards and of sufficient scope to enable the auditor to express an opinion
on the bank's financial statements as to their presentation 1n accordance with
generally accepted accounting principles (GAAP).
Audit Committee. A committee of the board of directors, consisting, if
possible, entirely of outside directors. To the extent possible, members of
the committee should be knowledgeable about accounting and auditing. They
should be responsible for reviewing and approving the bank's internal and
external auditing programs or recommending adoption of these programs to the
full board. Both the internal auditor and the external auditor should have
unrestricted access to the audit committee without the need for any prior
management knowledge or approval. Other duties of the audit committee should
include reviewing the independence of the external auditor annually, being
consulted by management when it seeks a second opinion on an accounting issue,
overseeing the quarterly regulatory reporting process, and reporting its
findings periodically to the full board of directors.
Directors' Examination. A review by an independent third party that has been
authorized by the bank's board of directors and is performed 1n accordance
with the board's analysis of potential risk areas. Certain procedures may
also be required as a result of state law. A directors' examination
consisting solely of such procedures as cash counts and confirmations of loans
and deposits would not normally be considered a well-planned directors'
examination. (Sometimes directors' examinations are similar to so-called
"engagement audits" or "operational audits." Nevertheless, no widely accepted
national standards exist for the specific procedures that must be performed in
directors' examinations or these "audits.")
External Auditing Program.
high risk areas of a bank's
not be a public accountant,
an opinion on the financial
procedures performed.

The performance of procedures to test and evaluate
business by an independent auditor, who may or may
sufficient for the auditor to be able to express
statements or to report on the results of the

Financial statements. The statements of financial position, income, cash
flows (changes in financial position), and changes 1n shareholders equity
together with related notes.
Independent. No certified public accountant, public accountant, or other
auditor will be recognized as independent who is not in fact independent.
(Reference is made to Section 335.604 of the FDIC Rules and Regulations for
the complete definition of the term "independent.")




-

6-

Outside Directors. Members of a bank's board of directors who are not
officers, employees, or principal stockholders of the bank, its subsidiaries,
or its affiliates, and do not have any material business dealings with the
bank, its subsidiaries, or its affiliates.
Public Accountant. A certified public accountant or licensed public
accountant who is duly registered and in good standing as such under the laws
of the place of his/her residence or principal office, who is licensed by the
accounting regulatory authority of his/her state, and who possesses a permit
to practice public accountancy.
Report on the Balance Sheet. An examination of the balance sheet, accounting
records, and other supporting evidence performed by an Independent certified
or licensed public accountant in accordance with generally accepted auditing
standards.
Risk Areas. The risk areas are those particular activities of a specific bank
that expose the bank to potential losses if problems were to exist and go
undetected. The highest risk areas in banks generally include, but are not
necessarily limited to, the valuation or collectibility of loans (including
the reasonableness of the allowance for loan losses), investments, and
repossessed and foreclosed collateral; internal controls; and insider
transactions.




-7-